1
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
2
/* gkr-keyrings-login.c - get secrets to automatically unlock keyrings or keys
4
Copyright (C) 2007 Stefan Walter
6
The Gnome Keyring Library is free software; you can redistribute it and/or
7
modify it under the terms of the GNU Library General Public License as
8
published by the Free Software Foundation; either version 2 of the
9
License, or (at your option) any later version.
11
The Gnome Keyring Library is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14
Library General Public License for more details.
16
You should have received a copy of the GNU Library General Public
17
License along with the Gnome Library; see the file COPYING.LIB. If not,
18
write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19
Boston, MA 02111-1307, USA.
21
Author: Stef Walter <stef@memberwebs.com>
26
#include "gkr-keyring-login.h"
28
#include "gkr-keyring.h"
29
#include "gkr-keyring-item.h"
30
#include "gkr-keyrings.h"
32
#include "egg/egg-secure-memory.h"
34
#include "library/gnome-keyring.h"
36
#include "ui/gkr-ask-daemon.h"
37
#include "ui/gkr-ask-request.h"
39
#include "util/gkr-location.h"
42
#include <glib/gi18n.h>
48
gkr_keyring_login_is_unlocked (void)
50
GkrKeyring *login = gkr_keyrings_get_login ();
51
return (login && !login->locked);
55
gkr_keyring_login_is_usable (void)
58
* We only flag this as usable by our internals if the keyring will
59
* be encrypted when on disk.
61
GkrKeyring *login = gkr_keyrings_get_login ();
62
return (login && !login->locked && !gkr_keyring_is_insecure (login));
66
check_ask_request (GkrAskRequest* ask)
70
keyring = GKR_KEYRING (gkr_ask_request_get_object (ask));
71
g_assert (GKR_IS_KEYRING (keyring));
73
if (!keyring->locked) {
74
ask->response = GKR_ASK_RESPONSE_ALLOW;
75
return GKR_ASK_STOP_REQUEST;
78
/* If they typed a password, try it out */
79
if (ask->response >= GKR_ASK_RESPONSE_ALLOW) {
81
g_assert (ask->typed_password);
82
if (!gkr_keyring_unlock (keyring, ask->typed_password)) {
83
/* Bad password, try again */
84
ask->response = GKR_ASK_RESPONSE_NONE;
85
return GKR_ASK_CONTINUE_REQUEST;
89
return GKR_ASK_DONT_CARE;
93
request_login_access (GkrKeyring* keyring)
98
/* And put together the ask request */
99
ask = gkr_ask_request_new (_("Unlock Login Keyring"), _("Enter login password to unlock keyring"),
100
GKR_ASK_REQUEST_PROMPT_PASSWORD);
101
gkr_ask_request_set_secondary (ask, _("Your login keyring was not automatically unlocked when you logged into this computer."));
102
gkr_ask_request_set_object (ask, G_OBJECT (keyring));
104
/* Intercept item access requests to see if we still need to prompt */
105
g_signal_connect (ask, "check-request", G_CALLBACK (check_ask_request), NULL);
107
/* And do the prompt */
108
gkr_ask_daemon_process (ask);
109
ret = ask->response >= GKR_ASK_RESPONSE_ALLOW;
110
g_object_unref (ask);
116
request_login_new (gchar **password)
122
g_assert (!*password);
124
/* And put together the ask request */
125
ask = gkr_ask_request_new (_("Create Login Keyring"), _("Enter your login password"),
126
GKR_ASK_REQUEST_NEW_PASSWORD);
127
gkr_ask_request_set_secondary (ask, _("Your login keyring was not automatically created when you logged "
128
"into this computer. It will now be created."));
130
/* And do the prompt */
131
gkr_ask_daemon_process (ask);
132
ret = ask->response >= GKR_ASK_RESPONSE_ALLOW;
134
*password = egg_secure_strdup (ask->typed_password);
135
g_object_unref (ask);
140
gkr_keyring_login_unlock (const gchar *password)
142
GkrKeyring *login = gkr_keyrings_get_login ();
143
gchar *new_password = NULL;
145
/* Make sure its loaded */
147
gkr_keyrings_update ();
148
login = gkr_keyrings_get_login ();
151
if (login && !login->locked)
154
/* Try to unlock the keyring that exists */
157
return request_login_access (login);
159
if (!gkr_keyring_unlock (login, password)) {
160
g_message ("Couldn't unlock login keyring with provided password");
167
/* No such keyring exists, and we don't have a password. */
169
if (!request_login_new (&new_password))
171
g_return_val_if_fail (new_password, FALSE);
172
password = new_password;
175
/* No such keyring exists, so create one */
176
login = gkr_keyring_create (GKR_LOCATION_VOLUME_LOCAL, "login", password);
177
egg_secure_strfree (new_password);
180
g_warning ("Failed to create login keyring");
184
g_assert (!login->locked);
186
gkr_keyrings_add (login);
187
g_return_val_if_fail (gkr_keyrings_get_login () == login, FALSE);
189
g_object_unref (login);
194
gkr_keyring_login_lock (void)
196
GkrKeyring *login = gkr_keyrings_get_login ();
198
gkr_keyring_lock (login);
201
static GnomeKeyringAttributeList*
202
string_attribute_list_va (va_list args)
204
GnomeKeyringAttributeList *attributes;
205
GnomeKeyringAttribute attribute;
207
attributes = g_array_new (FALSE, FALSE, sizeof (GnomeKeyringAttribute));
209
while ((attribute.name = va_arg (args, char *)) != NULL) {
210
attribute.name = g_strdup (attribute.name);
211
attribute.value.string = g_strdup (va_arg (args, char *));
212
attribute.type = GNOME_KEYRING_ATTRIBUTE_TYPE_STRING;
213
g_array_append_val (attributes, attribute);
220
gkr_keyring_login_master (void)
224
login = gkr_keyrings_get_login ();
225
if (!login || login->locked)
228
if (gkr_keyring_is_insecure (login))
231
return login->password;
235
gkr_keyring_login_attach_secret (GnomeKeyringItemType type, const gchar *display_name,
236
const gchar *secret, ...)
239
GnomeKeyringAttributeList *attrs;
240
GkrKeyringItem *item;
243
login = gkr_keyrings_get_login ();
244
if (!login || login->locked)
247
va_start (args, secret);
248
attrs = string_attribute_list_va (args);
251
item = gkr_keyring_find_item (login, type, attrs, TRUE);
254
item = gkr_keyring_item_create (login, type);
255
gkr_keyring_add_item (login, item);
256
g_object_unref (item);
259
g_free (item->display_name);
260
item->display_name = g_strdup (display_name);
262
egg_secure_strfree (item->secret);
263
item->secret = egg_secure_strdup (secret);
265
gnome_keyring_attribute_list_free (item->attributes);
266
item->attributes = attrs;
268
gkr_keyring_save_to_disk (login);
272
gkr_keyring_login_lookup_secret (GnomeKeyringItemType type, ...)
275
GkrKeyringItem *item;
276
GnomeKeyringAttributeList *attrs;
279
login = gkr_keyrings_get_login ();
280
if (!login || login->locked)
283
if (!login->location)
286
va_start (args, type);
287
attrs = string_attribute_list_va (args);
290
item = gkr_keyring_find_item (login, type, attrs, TRUE);
291
gnome_keyring_attribute_list_free (attrs);
300
gkr_keyring_login_remove_secret (GnomeKeyringItemType type, ...)
303
GkrKeyringItem *item;
304
GnomeKeyringAttributeList *attrs;
307
login = gkr_keyrings_get_login ();
308
if (!login || login->locked)
311
if (!login->location)
314
va_start (args, type);
315
attrs = string_attribute_list_va (args);
318
item = gkr_keyring_find_item (login, type, attrs, TRUE);
319
gnome_keyring_attribute_list_free (attrs);
322
gkr_keyring_remove_item (login, item);
323
gkr_keyring_save_to_disk (login);